tut2.html

WINDOWS程序员使用指南--汇编基础

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="GENERATOR" content="Mozilla/4.51 [en] (Win95; I) [Netscape]">
   <title>Iczelion's Win32 ASM tutorial 2: MessageBox</title>
</head>
<body text="#CCCCCC" bgcolor="#000000" link="#FFFF33" vlink="#800080" alink="#0000FF">

<center>
<h1>
<font face="Arial"><font color="#999900">Tutorial 2: MessageBox</font></font></h1></center>
<font face="Arial"><font color="#CCCCCC"><font size=-1>In this tutorial,
we will create a fully functional Windows program that displays a message
box saying "Win32 assembly is great!".</font></font></font>
<p><font face="Arial"><font color="#CCCCCC"><font size=-1>Download the
example file <a href="files/tut02.zip">here</a>.</font></font></font>
<h3>
<font face="Arial"><font color="#66FFFF">Theory:</font></font></h3>
<font face="Arial"><font color="#CCCCCC"><font size=-1>Windows prepares
a wealth of resources for Windows programs. Central to this is the Windows
API (Application Programming Interface). Windows API is a huge collection
of very useful functions that reside in Windows itself, ready for use by
any Windows programs. These functions are stored in several dynamic-linked
libraries (DLLs) such as kernel32.dll, user32.dll and gdi32.dll. Kernel32.dll
contains API functions that deal with memory and process management. User32.dll
controls the user interface aspects of your program. Gdi32.dll is responsible
for graphics operations. Other than "the main three", there are other DLLs
that your program can use, provided you have enough information about the
desired API functions.</font></font></font>
<br><font face="Arial"><font color="#CCCCCC"><font size=-1>Windows programs
dynamically link to these DLLs, ie. the codes of API functions are not
included in the Windows program executable file. In order for your program
to know where to find the desired API functions at runtime, you have to
embed that information into the executable file. The information is in
import libraries. You must link your programs with the correct import libraries
or they will not be able to locate API functions.</font></font></font>
<br><font face="Arial"><font color="#CCCCCC"><font size=-1>When a Windows
program is loaded into memory, Windows reads the information stored in
the program. That information includes the names of functions the program
uses and the DLLs those functions reside in. When Windows finds such info
in the program, it'll load the DLLs and perform function address fixups
in the program so the calls will transfer control to the right function.</font></font></font>
<br><font face="Arial"><font color="#CCCCCC"><font size=-1>There are two
categoriesof API functions: One for ANSI and the other for Unicode. The
names of API functions for ANSI are postfixed with "A", eg. MessageBoxA.
Those for Unicode are postfixed with "W" (for Wide Char, I think). Windows
95 natively supports ANSI and Windows NT Unicode.</font></font></font>
<br><font face="Arial"><font color="#CCCCCC"><font size=-1>We are usually
familiar with ANSI strings, which are arrays of characters terminated by
NULL. ANSI character is 1 byte in size. While ANSI code is sufficient for
European languages, it cannot handle several oriental languages which have
several thousands of unique characters. That's why UNICODE comes in. A
UNICODE character is 2 bytes in size, making it possible to have 65536
unique characters in the strings.</font></font></font>
<br><font face="Arial"><font color="#CCCCCC"><font size=-1>But most of
the time, you will use an include file which can determine and select the
appropriate API functions for your platform. Just refer to API function
names without the postfix.</font></font></font>
<h3>
<font face="Arial"><font color="#00CCCC">Example:</font></font></h3>
<font face="Arial"><font color="#CCCCCC"><font size=-1>I'll present the bare program 
skeleton below. We will flesh it out later.</font></font></font> 
<p><b><font face="Arial"><font color="#FFFF99"><font size=-1>.386<br>
  .model flat, stdcall</font></font></font></b> <br>
  <b><font face="Arial"><font color="#FFFF99"><font size=-1>.data</font></font></font></b> 
  <br>
  <b><font face="Arial"><font color="#FFFF99"><font size=-1>.code</font></font></font></b> 
  <br>
  <b><font face="Arial"><font color="#FFFF99"><font size=-1>start:</font></font></font></b> 
  <br>
  <b><font face="Arial"><font color="#FFFF99"><font size=-1>end start</font></font></font></b> 
<p><font face="Arial"><font size=-1><font color="#CCCCCC">The execution
starts from the first instruction immediately below the label specified
after </font><font color="#FFFF99">end</font><font color="#CCCCCC"> directive.
In the above skeleton, the execution will start at the first instruction
immediately below</font><font color="#FFFF99"> start</font><font color="#CCCCCC">
label. The execution will proceed instruction by instruction until some
flow-control instructions such as</font><font color="#FFFF99"> jmp</font><font color="#CCCCCC">,
</font><font color="#FFFF99">jne</font><font color="#CCCCCC">, </font><font color="#FFFF99">je</font><font color="#CCCCCC">,
</font><font color="#FFFF99">ret</font><font color="#CCCCCC"> etc is found.
Those instructions redirect the flow of execution to some other instructions.
When the program needs to exit to Windows, it should call an API function,
ExitProcess.</font></font></font>
<p><b><font face="Arial"><font color="#99FF99"><font size=-1>ExitProcess
proto uExitCode:DWORD</font></font></font></b>
<p><font face="Arial"><font color="#CCCCCC"><font size=-1>The above line
is called a function prototype. A function prototype defines the attributes
of a function to the assembler/linker so it can do type-checking for you.
The format of a function prototype is like this:</font></font></font>
<p><b><font face="Arial"><font size=-1><font color="#CCCCCC">FunctionName
PROTO </font><font color="#CCCC99">[ParameterName]</font><font color="#CCCCCC">:DataType,</font><font color="#CCCC99">[ParameterName]</font><font color="#CCCCCC">:DataType,...</font></font></font></b>
<p><font face="Arial"><font color="#CCCCCC"><font size=-1>In short, the
name of the function followed by the keyword PROTO and then by the list
of data types of the parameters,separated by commas. In the ExitProcess
example above, it defines ExitProcess as a function which takes only one
parameter of type DWORD. Functions prototypes are very useful when you
use the high-level call syntax, invoke. You can think of invoke as a simple
call with type-checking. For example, if you do:</font></font></font>
<p><font face="Arial"><font color="#CCCCCC"><font size=-1>call ExitProcess</font></font></font>
<p><font face="Arial"><font color="#CCCCCC"><font size=-1>without pushing
a dword onto the stack, the assembler/linker will not be able to catch
that error for you. You'll notice it later when your program crashes. But
if you use:</font></font></font>
<p><font face="Arial"><font color="#FFFF99"><font size=-1>invoke ExitProcess</font></font></font>
<p><font face="Arial"><font size=-1><font color="#CCCCCC">The linker will
inform you that you forgot to push a dword on the stack thus avoiding error.
I recommend you use</font><font color="#FFFF99"> invoke</font><font color="#CCCCCC">
instead of simple call. The syntax of invoke is as follows:</font></font></font>
<p><b><font face="Arial"><font color="#CC0000"><font size=-1>INVOKE&nbsp;
expression [,arguments]</font></font></font></b>
<p><font face="Arial"><font color="#CCCCCC"><font size=-1>expression can
be the name of a function or it can be a function pointer. The function
parameters are separated by commas.</font></font></font>
<p><font face="Arial"><font color="#CCCCCC"><font size=-1>Most of function
prototypes for API functions are kept in include files. If you use hutch's
MASM32, they will be in MASM32/include folder. The include files have .inc
extension and the function prototypes for functions in a DLL is stored
in .inc file with the same name as the DLL. For example, ExitProcess is
exported by kernel32.lib so the function prototype for ExitProcess is stored
in kernel32.inc.</font></font></font>
<br><font face="Arial"><font color="#CCCCCC"><font size=-1>You can also
create function prototypes for your own functions.</font></font></font>
<br><font face="Arial"><font color="#CCCCCC"><font size=-1>Throughout my
examples, I'll use hutch's windows.inc which you can download from http://win32asm.cjb.net</font></font></font>
<p><font face="Arial"><font color="#CCCCCC"><font size=-1>Now back to ExitProcess,
uExitCode parameter is the value you want the program to return to Windows
after the program terminates. You can call ExitProcess like this:</font></font></font>
<p><b><font face="Arial"><font color="#FFCC66"><font size=-1>invoke ExitProcess,
0</font></font></font></b>
<p><font face="Arial"><font color="#CCCCCC"><font size=-1>Put that line
immediately below start label, you will get a win32 program which immediately
exits to Windows, but it's a valid program nonetheless.</font></font></font>
<p><b><font face="Arial"><font color="#FFFF99"><font size=-1>.386</font></font></font></b> 
  <br>
  <b><font face="Arial"><font color="#FFFF99"><font size=-1>.model flat, stdcall</font></font></font></b> 
  <br>
  <b><font face="Arial"><font color="#FFFF99"><font size=-1>option casemap:none</font></font></font></b> 
  <br>
  <b><font face="Arial"><font color="#FF9999"><font size=-1>include \masm32\include\windows.inc</font></font></font></b> 
  <br>
  <b><font face="Arial"><font color="#FF9999"><font size=-1>include \masm32\include\kernel32.inc</font></font></font></b> 
  <br>
  <b><font face="Arial"><font color="#FF9999"><font size=-1>includelib \masm32\lib\kernel32.lib</font></font></font></b> 
  <br>
  <b><font face="Arial"><font color="#FFFF99"><font size=-1>.data</font></font></font></b> 
  <br>
  <b><font face="Arial"><font color="#FFFF99"><font size=-1>.code</font></font></font></b> 
  <br>
  <b><font face="Arial"><font color="#FFFF99"><font size=-1>start:</font></font></font></b> 
  <br>
  <b><font face="Arial"><font color="#FF9999"><font size=-1>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;invoke 
  ExitProcess,0</font></font></font></b> <br>
  <b><font face="Arial"><font color="#FFFF99"><font size=-1></font></font></font></b><b><font face="Arial"><font color="#FFFF99"><font size=-1>end 
  start</font></font></font></b> 
<p>option casemap:none tells MASM to make labels case-sensitive so ExitProcess 
  and exitprocess are different. <font face="Arial"><font size=-1><font color="#CCCCCC">Note 
  a new directive,</font><font color="#FFFF99"> include</font><font color="#CCCCCC">. 
  This directive is followed by the name of a file you want to insert at the place 
  the directive is. In the above example, when MASM processes the line </font><font color="#FFFF99">include 
  \masm32\include\windows.inc</font><font color="#CCCCCC">, it will open windows.inc 
  which is in \MASM32\include folder and process the content of windows.inc as 
  if you paste the content of windows.inc there. hutch's windows.inc contains 
  definitions of constants and structures you need in win32 programming. It doesn't 
  contain any function prototype. windows.inc is by no means comprehensive. hutch 
  and I try to put as many constants and structures into it as possible but there 
  are still many left to be included. It'll be constantly updated. Check out hutch's 
  and my homepage for updates.</font></font></font> <br>
  <font face="Arial"><font color="#CCCCCC"><font size=-1>From windows.inc, your 
  program got constant and structure definitions. Now for function prototypes, 
  <font face="Arial, Helvetica, sans-serif">you need to include other include 
  files. They are all stored in \masm32\include folder. </font></font></font></font>
<p><font face="Arial, Helvetica, sans-serif" size="-1">In <font color="#CCCCCC">our 
  example above, we call a function exported by kernel32.dll, so we need to include